SIGuard: Guarding Secure Inference with Post Data Privacy

 

Speaker: Dr Xiaoning (Maggie) Liu, RMIT University

 

Abstract: Secure inference is designed to enable encrypted machine learning model prediction over encrypted data. It will ease privacy concerns when models are deployed in Machine Learning as a Service. For efficiency, most of recent secure inference protocols are constructed using secure multi-party computation (MPC) techniques. However, MPC-based protocols do not hide information revealed from their output. In the context of secure inference, prediction outputs (i.e., inference results of encrypted user inputs and models) are revealed to the users. As a result, adversaries can compromise output privacy of secure inference, i.e., launching Membership Inference Attacks (MIAs) by querying encrypted models, just like MIAs in plaintext inference. In this talk, I will first share our observations on the vulnerability of MPC-based secure inference to MIAs, though it yields perturbed predictions due to approximations. Then I will report on our recent research effort in guarding the output privacy of secure inference from being exploited by MIAs. I will also discuss the future research along with the line of privacy-preserving machine learning and deep learning.

 

Bio: Dr Xiaoning (Maggie) Liu is a Senior Lecturer and an ARC DECRA Fellow at the School of Computing Technologies, RMIT University, Australia. Her research interests include secure computation, machine learning security and privacy. Her current focus is on designing  secure multiparty computation protocols to its applications in privacy-preserving machine learning. In the past few years, her work has appeared in prestigious venues in computer security, such as USENIX Security, NDSS, IEEE TDSC, TIFS. She is the recipient of the Best Paper Award of ESORICS 2021, the RMIT HDR Research Prize 2023, the RMIT STEM College Learning and Teaching Award for Excellence for Early Career Educator 2024. She has served on the technical program committee of USENIX Security, EuroS&P, CIKM, the program co-chair of LAMPS at CCS 2025, and Associate Editor of IEEE TSC. Her research has been supported by Australian Research Council and CSIRO.